I don't think it's being published. The snippets in the paper were obtained from process memory dumps by folks reversing the malware, so we don't really have a good clean copy - just fragments.
Interesting. Well if it ever gets published would love to see it! We have our own js to help us model 'unique voters reached' and as one piece of fraud reduction toolset (in addition to 3rd party providers). The given example in pdf (maxchannelcount) is actually one piece of entropy we collect.
Now I'm thinking through this example,I'm going to try and test for these monkey patched methods (not sure if can do it, but maybe md5(toSting) compare to major browser native hashes?).
Sounds like you work for a verification vendor, if so have you had success with detecting these 'monkey patches'?
I work for White Ops, which could reasonably be considered a verification vendor, though we prefer to be known as a security company.
As you can imagine, specific techniques used for detecting fraudulent monkey patching (or even whether we attempt to do so) aren't generally something I can talk about.
That said, there are a few slides about the cat-and-mouse games of .toString() here (starting about page 20): https://rya.nc/shmoo17 [PDF]
In short, using .toString() will find naive monkey patches, however it can be overridden to varying degrees of cleverness.
Of course they already thought of that lol. I really love the cleverness of this 'game.' I probably spend far too much time tinkering with our own js measurement script for how small we are but it's kind of addictingly fun.
Are you involved with sales or just engineering? My work email is in my profile I might drop you a note though I am just guessing your product is too expensive for our clients (mostly political campaigns).
I'm a researcher - I don't actually see your email in your profile, you have to include it in the about text if you want it to be seen. I can put you in touch with the right person in sales if you contact me (my personal email is publicly visible).
